diff options
| author | Steve Holme <steve_holme@hotmail.com> | 2015-09-05 18:09:40 +0100 |
|---|---|---|
| committer | Steve Holme <steve_holme@hotmail.com> | 2015-11-14 10:28:05 +0000 |
| commit | febda2f3058b6a29562183b6fd514f8acd9d4e75 (patch) | |
| tree | 01b075f8e3a1df57065e0cc2840574f51d85d8e3 /lib/curl_sasl.c | |
| parent | ceb396c54a90ca37f94621acb68f9ce5610b23a3 (diff) | |
| download | curl-febda2f3058b6a29562183b6fd514f8acd9d4e75.tar.gz | |
oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.
Diffstat (limited to 'lib/curl_sasl.c')
| -rw-r--r-- | lib/curl_sasl.c | 47 |
1 files changed, 34 insertions, 13 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index ad6b6090f..956801b71 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -57,15 +57,16 @@ const struct { size_t len; /* Name length */ unsigned int bit; /* Flag bit */ } mechtable[] = { - { "LOGIN", 5, SASL_MECH_LOGIN }, - { "PLAIN", 5, SASL_MECH_PLAIN }, - { "CRAM-MD5", 8, SASL_MECH_CRAM_MD5 }, - { "DIGEST-MD5", 10, SASL_MECH_DIGEST_MD5 }, - { "GSSAPI", 6, SASL_MECH_GSSAPI }, - { "EXTERNAL", 8, SASL_MECH_EXTERNAL }, - { "NTLM", 4, SASL_MECH_NTLM }, - { "XOAUTH2", 7, SASL_MECH_XOAUTH2 }, - { ZERO_NULL, 0, 0 } + { "LOGIN", 5, SASL_MECH_LOGIN }, + { "PLAIN", 5, SASL_MECH_PLAIN }, + { "CRAM-MD5", 8, SASL_MECH_CRAM_MD5 }, + { "DIGEST-MD5", 10, SASL_MECH_DIGEST_MD5 }, + { "GSSAPI", 6, SASL_MECH_GSSAPI }, + { "EXTERNAL", 8, SASL_MECH_EXTERNAL }, + { "NTLM", 4, SASL_MECH_NTLM }, + { "XOAUTH2", 7, SASL_MECH_XOAUTH2 }, + { "OAUTHBEARER", 11, SASL_MECH_OAUTHBEARER }, + { ZERO_NULL, 0, 0 } }; #if !defined(CURL_DISABLE_CRYPTO_AUTH) && !defined(USE_WINDOWS_SSPI) @@ -1455,7 +1456,19 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, } else #endif - if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) { + if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) { + mech = SASL_MECH_STRING_OAUTHBEARER; + state1 = SASL_OAUTH2; + sasl->authused = SASL_MECH_OAUTHBEARER; + + if(force_ir || data->set.sasl_ir) + result = sasl_create_oauth_bearer_message(data, conn->user, + conn->host.name, + conn->port, + conn->oauth_bearer, + &resp, &len); + } + else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) { mech = SASL_MECH_STRING_XOAUTH2; state1 = SASL_OAUTH2; sasl->authused = SASL_MECH_XOAUTH2; @@ -1641,9 +1654,17 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, case SASL_OAUTH2: /* Create the authorisation message */ - result = sasl_create_oauth_bearer_message(data, conn->user, - NULL, 0, - conn->oauth_bearer, &resp, &len); + if(sasl->authused == SASL_MECH_OAUTHBEARER) + result = sasl_create_oauth_bearer_message(data, conn->user, + conn->host.name, + conn->port, + conn->oauth_bearer, + &resp, &len); + else + result = sasl_create_oauth_bearer_message(data, conn->user, + NULL, 0, + conn->oauth_bearer, + &resp, &len); break; case SASL_CANCEL: /* Remove the offending mechanism from the supported list */ |